Access Manager Sample Configuration Script Input File

After you run the Java Enterprise System installer, the Access Manager
sample configuration script input file (amsamplesilent)
is available in the AccessManager-base/SUNWam/bin directory on Solaris systems or the AccessManager-base/identity/bin directory on Linux systems.

To set configuration variables, first copy and rename the amsamplesilent file. Then set the variables in the copy for the
operation you want to perform. For an example of this file, see Example Configuration Script Input File.

Deployment Mode Variable

This section describes the values for the required DEPLOY_LEVEL variable. This variable determines the operation
you want the amconfig script to perform.

Table 1–1 Access Manager DEPLOY_LEVEL Variable

Operation

DEPLOY_LEVEL Variable Value and Description

Install

1 = Full Access Manager installation for a new instance (default)

2 = Install Access Manager console only

3 = Install Access Manager SDK only

4 = Install SDK only and configure the container

5 = Install Federation Management module only

6 = Install server only

7 = Install Access Manager and configure the container for deploying with
Portal Server.

Caution: DEPLOY_MODE=7 is intended
only for deploying Access Manager with Portal Server.

For some deployments, you might want to install the console only and
server only on a single host server using different web containers. First,
run the Java ES installer to install all Access Manager subcomponents using
the Configure Later option. Then, run the amconfig script
to configure both the console and server instances.

Uninstall (unconfigure)

11 = Full uninstall

12 = Uninstall console only

13 = Uninstall SDK only

14 = Uninstall SDK only and unconfigure the container

15 = Uninstall Federation Management module

16 = Uninstall server only

Uninstall Access Manager and unconfigure the container when deployed
with Portal Server.

Caution: DEPLOY_MODE=7 is intended
only when Access Manager is deployed with Portal Server.

Access Manager Realm Mode is enabled by default. If you are
deploying Access Manager with Portal Server, Messaging Server, Calendar Server,
Delegated Administrator, or Instant Messaging, you must select Legacy Mode
(AM_REALM=disabled) before you run the amconfig script.

BASEDIR

Base installation directory for Access Manager packages.

Default: PLATFORM_DEFAULT

For Solaris systems, PLATFORM_DEFAULT is /opt

For Linux systems, PLATFORM_DEFAULT is /opt/sun

SERVER_HOST

Fully qualified host name of the system where Access Manager is running
(or will be installed).

For a remote SDK installation, set this variable to the host where Access
Manager is (or will be) installed and not the remote client host.

This variable should match the counterpart variable in the web container
configuration. For example, for Application Server 8, this variable should
match AS81_HOST.

SERVER_PORT

Access Manager port number. Default: 58080

For a remote SDK installation, set this variable to the port on the
host where Access Manager is (or will be) installed and not the remote client
host.

This variable should match the counterpart variable in the web container
configuration. For example, for Application Server 8, this variable should
match AS81_PORT.

SERVER_PROTOCOL

Server protocol: http or https. Default: http

For a remote SDK installation, set this variable to the protocol on
the host where Access Manager is (or will be) installed and not the remote
client host.

This variable should match the counterpart variable in the web container
configuration. For example, for Application Server 8, this variable should
match AS81_PROTOCOL.

CONSOLE_HOST

Fully qualified host name of the server where the console is installed.

Default: Value provided for the Access Manager host

CONSOLE_PORT

Port of the web container where the console is installed and listens
for connections.

Default: Value provided for the Access Manager port

CONSOLE_PROTOCOL

Protocol of the web container where the console is installed.

Default: Server protocol

CONSOLE_REMOTE

Set to true if the console is remote from the Access Manager services.
Otherwise, set to false. Default: false

DS_HOST

Fully qualified host name of Directory Server.

DS_PORT

Directory Server port. Default: 389.

DS_DIRMGRDN

Directory manager DN: the user who has unrestricted access to Directory
Server.

URI that determines the mapping that the web container running Access
Manager will use between a string you specify and a corresponding deployed
application.

Default: /ampassword

COMMON_DEPLOY_URI

URI prefix for accessing the common domain services on the web container.

Default: /amcommon

COOKIE_DOMAIN

Names of the trusted DNS domains that Access Manager returns to a browser
when it grants a session ID to a user. At least one value should be present.
In general, the format is the server’s domain name preceded with a period.

Example: .example.com

JAVA_HOME

Path to the JDK installation directory. Default: /usr/jdk/entsys-j2se. This variable specifies the JDK used by the command-line interface
executables (such as amadmin). The version must be 1.4.2
or later.

AM_ENC_PWD

Password encryption key: String that Access Manager uses to encrypt
user passwords. Default: none. When the value is set to none, amconfig generates a password encryption key for the user, so the
installation always has a password encryption key, either specified by the
user or created by amconfig.

Important: If you are deploying multiple
instances of Access Manager or the remote SDK, all instances must use the
same password encryption key. When you deploy an additional instance, copy
the value from the am.encryption.pwd property in the AMConfig.properties file for the first instance.
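
A pre-flight check for a copy of amsamplesilent, as an added example that is not part of the original documentation or of the amconfig script: it checks DEPLOY_LEVEL, SERVER_PROTOCOL, COOKIE_DOMAIN and AM_ENC_PWD against the rules described above. The function names get_var and check_silent are hypothetical, the plain NAME=value file layout is an assumption, and the sample files and keys are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check of a copy of amsamplesilent before amconfig runs.
# Assumes plain NAME=value lines, optionally double-quoted.

# get_var FILE NAME: print the value of the last NAME= line in FILE
get_var() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '\r' | sed 's/^"\(.*\)"$/\1/'
}

# check_silent FILE [AMCONFIG]: print findings; exit status = number of findings.
# AMCONFIG = AMConfig.properties of the first instance (for additional instances).
check_silent() {
    f=$1; first=${2:-}; bad=0
    note() { echo "$f: $1"; bad=$((bad + 1)); }
    case $(get_var "$f" DEPLOY_LEVEL) in
        [1-7]|1[1-6]) ;;   # only the values the table lists by number
        *) note "DEPLOY_LEVEL is missing or not a numbered value from Table 1-1" ;;
    esac
    case $(get_var "$f" SERVER_PROTOCOL) in
        https) ;;
        http|"") note "SERVER_PROTOCOL is http (the default): traffic is unencrypted" ;;
        *) note "SERVER_PROTOCOL must be http or https" ;;
    esac
    case $(get_var "$f" COOKIE_DOMAIN) in
        .?*) ;;
        *) note "COOKIE_DOMAIN must be set, normally as .domain (e.g. .example.com)" ;;
    esac
    key=$(get_var "$f" AM_ENC_PWD)
    if [ -n "$first" ]; then
        # Compare the keys without ever printing either of them
        want=$(sed -n 's/^am\.encryption\.pwd=//p' "$first" | tail -n 1 | tr -d '\r')
        [ -n "$want" ] && [ "$key" = "$want" ] ||
            note "AM_ENC_PWD does not match am.encryption.pwd of the first instance"
    fi
    [ -n "$(find "$f" -perm -004)" ] && [ -n "$key" ] && [ "$key" != none ] &&
        note "file is world-readable and contains the password encryption key"
    return "$bad"
}

# Constructed sample input (not taken from a real installation)
demo_dir=$(mktemp -d)
cat > "$demo_dir/am2silent" <<'EOF'
DEPLOY_LEVEL=1
SERVER_PROTOCOL=http
COOKIE_DOMAIN=example.com
AM_ENC_PWD=ConstructedKeyB
EOF
chmod 644 "$demo_dir/am2silent"
echo 'am.encryption.pwd=ConstructedKeyA' > "$demo_dir/AMConfig.properties"
check_silent "$demo_dir/am2silent" "$demo_dir/AMConfig.properties" || echo "findings: $?"
```

The check accepts only the DEPLOY_LEVEL values the table gives a number for, so the unnumbered Portal Server uninstall row is reported as a finding and has to be reviewed by hand.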

PLATFORM_LOCALE

Locale of the platform. Default: en_US (US English)

NEW_OWNER

New owner for the Access Manager files after installation. Default:
root

NEW_GROUP

New group for the Access Manager files after installation. Default:
other

For a Linux installation, set NEW_GROUP to root.

PAM_SERVICE_NAME

Name of the PAM service from the PAM configuration or stack that comes
with the operating system and is used for the Unix authentication module (normally
other for Solaris or password for Linux).
Default: other.

XML_ENCODING

XML encoding. Default: ISO-8859-1

NEW_INSTANCE

Specifies whether the configuration script should deploy Access Manager
to a new user-created web container instance:

true = To deploy Access Manager to a new user-created web
container instance other than an instance that already exists.

2 = Use for an existing DIT. The naming attributes and object classes
are the same, so the configuration scripts load the installExisting.ldif and umsExisting.ldif files.

The configuration scripts also update the LDIF and properties files
with the actual values entered during configuration (for example, BASE_DIR,
SERVER_HOST, and ROOT_SUFFIX).

This update is also referred to as “tag swapping,” because
the configuration scripts replace the placeholder tags in the files with the
actual configuration values.

3 = Use for an existing DIT when you want to do a manual load. The naming
attributes and object classes are different, so the configuration scripts
do not load the installExisting.ldif and umsExisting.ldif files. The scripts perform tag swapping (described for mode 2).

You should inspect and modify (if needed) the LDIF files and then manually
load the LDIF files and services.

4 = Use for an existing multi-server installation. The configuration
scripts do not load the LDIF files and services, because the operation is
against an existing Access Manager installation. The scripts perform tag swapping
only (described for mode 2) and add a server entry in the platform list.

5 = Use for an existing upgrade. The scripts perform tag swapping only
(described for mode 2).

Default: 1

USER_NAMING_ATTR

User naming attribute: Unique identifier for the user or resource within
its relative name space. Default: uid